E-Business Privacy Regulations

Although the Federal Trade Commission takes online privacy seriously, there are few consumer privacy regulations that apply specifically to e-businesses, other than the Children’s Online Privacy Protection Act. However, e-businesses must comply with privacy and data security provisions in broader regulations such as the Fair Credit Reporting Act, the Red Flags Rule -- which deals with identity theft -- the Health Breach Notification Rule and the Health Insurance Portability and Accountability Act. As an alternative to specific legislation, in March 2012 the FTC issued privacy best practices that e-businesses should follow in protecting electronic information.

Privacy by Design

Incorporating privacy best practices is important whether you conduct business on a website, mobile application or both. A good way to handle regulatory issues focusing on consumer privacy is to follow the FTC’s “privacy by design” best practice recommendations. These include security measures such as data encryption, a strong password policy and default settings that delete credit or debit card numbers at the end of each transaction. These also include taking steps to promote data accuracy. For example, ask customers to verify their information with double-entry confirmation and format text boxes containing Social Security or credit card numbers to increase data accuracy.

Optional Privacy Statement

The FTC stops short of requiring e-businesses to include a written privacy statement in a business website or mobile application. However, because a written privacy statement shows your business is serious about privacy and information security, most e-businesses consider this an ethical responsibility. If your e-business chooses to include a privacy statement, the FTC says you must clearly explain what information you collect and how you use private information. If you share private information with a third-party company, such as a credit reporting agency or financial institution, you must not only tell customers, but also provide information about the company’s security practices.

Control and Transparency

It’s as important to allow customers to make choices about their private information as it is to include a written privacy statement in a business website or mobile application. Use privacy settings and opt-out options to make sure your customers don’t disclose information they may not want your e-business to collect or share. If your e-business caters to children under 13 years of age, get parental consent before collecting personal information. In addition, make sure to use design elements such as color, font and bolding that call attention to privacy-related information.

About the Author

Based in Green Bay, Wisc., Jackie Lohrey has been writing professionally since 2009. In addition to writing web content and training manuals for small business clients and nonprofit organizations, including ERA Realtors and the Bay Area Humane Society, Lohrey also works as a finance data analyst for a global business outsourcing company.